[netfilter-cvslog] r3697 - trunk/patch-o-matic-ng/nf_conntrack/linux-2.6/net/netfilter

laforge at netfilter.org laforge at netfilter.org
Tue Feb 15 02:39:22 CET 2005


Author: laforge at netfilter.org
Date: 2005-02-15 02:39:15 +0100 (Tue, 15 Feb 2005)
New Revision: 3697

Modified:
   trunk/patch-o-matic-ng/nf_conntrack/linux-2.6/net/netfilter/nf_conntrack_core.c
Log:
[NETFILTER]: fix stats in __ip_conntrack_confirm

net_rx_softirq can preempt the calling process while incrementing the stats.
I think that we can fix this moving both CONNTRACK_STAT_INC to the locked
section. 

Signed-off-by: Pablo Neira Ayuso <pablo at eurodev.net>
Signed-off-by: Patrick McHardy <kaber at trash.net>



Modified: trunk/patch-o-matic-ng/nf_conntrack/linux-2.6/net/netfilter/nf_conntrack_core.c
===================================================================
--- trunk/patch-o-matic-ng/nf_conntrack/linux-2.6/net/netfilter/nf_conntrack_core.c	2005-02-15 01:37:08 UTC (rev 3696)
+++ trunk/patch-o-matic-ng/nf_conntrack/linux-2.6/net/netfilter/nf_conntrack_core.c	2005-02-15 01:39:15 UTC (rev 3697)
@@ -663,13 +663,13 @@
 		add_timer(&ct->timeout);
 		atomic_inc(&ct->ct_general.use);
 		set_bit(NF_S_CONFIRMED_BIT, &ct->status);
+		NF_CT_STAT_INC(insert);
 		WRITE_UNLOCK(&nf_conntrack_lock);
-		NF_CT_STAT_INC(insert);
 		return NF_ACCEPT;
 	}
 
+	NF_CT_STAT_INC(insert_failed);
 	WRITE_UNLOCK(&nf_conntrack_lock);
-	NF_CT_STAT_INC(insert_failed);
 	DEBUGP("__nf_conntrack_confirm: duplicated conntrack\n");
 	return NF_DROP;
 }




More information about the netfilter-cvslog mailing list